
The Study And Implementation Of Log Surveillance And Security Auditing System In Network

Posted on: 2005-10-23
Degree: Master
Type: Thesis
Country: China
Candidate: B Shi
Full Text: PDF
GTID: 2168360155471743
Subject: Software engineering
Abstract/Summary:
Because every device in a network system produces logs that record its behavior or related network events, log management and auditing are very significant for network system maintenance and for guaranteeing security. The topic of a Log Surveillance and Security Auditing System (LSSAS) in a network is put forward with the aim of constructing a distributed platform for log surveillance and security auditing, which collects all audit data and log data of various formats from their various locations so as to enforce uniform management and security auditing.

Based on an analysis of the existing problems of traditional log management and security auditing, a distributed architecture for the LSSAS platform in a network is presented, and an LSSAS prototype based on a mixed B/S and C/S mode is designed and implemented. Around the research and implementation of LSSAS in a network, the following contents are studied in this thesis.

1. On the basis of a thorough analysis of and research into how existing security audit products record logs, a middle log format is presented, which is suitable for log conversion and for the fusion of various logs.

2. On the basis of an analysis and comparison of ordinary security audit measures, data mining with learning ability is adopted to construct the analysis engine for security auditing, and the architecture of a security audit engine based on data mining is presented.

3. The prototype of LSSAS in a network, based on a mixed B/S and C/S mode, is designed and implemented, and the log data collected by the prototype system in the applied environment are analyzed and audited.

This prototype is characterized by real-time surveillance, centralized management and intelligent auditing. It also provides stronger support for security auditing in a network. The prototype has already been applied to a provincial news website and to an office network concerning national security, and has greatly improved their security defense ability.
Keywords/Search Tags: Log surveillance, Security auditing, Data mining, Analysis engine, Log fusion